1. Field of the Invention
The invention relates to detection of errors in received cryptographic synchronization initialization vectors used for securing communications over a communications channel, and in particular, to an apparatus and method of evaluating whether a received initialization vector, even if erroneous, is due to channel errors or to an incorrect initialization vector, all without substantially adding to overhead of the communication.
2. Problems in the Art
One conventional way to secure communications over a communications channel, for example two-way radio, is to encrypt the information, whether voice or data. A widely used encryption method employs block ciphers such as the Data Encryption Standard (DES) operating in an output feedback mode (OFM).
As is well known in the art, DES in OFM uses an initialization vector (IV) to seed the encryption algorithm in DES with a beginning value. IV is usually changed over time. Optimally, it is changed in a pseudo-random fashion. The more that IV looks like a random number, the better the security of the encryption method. DES and DES modes of operation are discussed in detail in Federal Information Processing Standard FIPS-46-2 and FIPS-81, published by the National Institute of Standards and Technology.
There are many types of secure communications systems (e.g. encryption and scrambling) that utilize initialization vectors (IVs) to achieve cryptographic synchronization (crypto sync). Many secure communications systems utilize ciphers operating in one of several feedback modes, and IVs are used to initialize the ciphers.
To decrypt an encrypted message that utilizes IV, the receiver must know IV precisely. The receiver decryption system has to essentially reverse engineer the true content of the communication by reversing the encryption process. To do so, the receiver must know the precise IV for the relevant precise piece or block of encrypted communication that is based on that IV. Thus IV must be communicated to the receiver over a communications channel. In many applications, IV can be many bits long. For example, in DES, IV is conventionally 64 bits long.
In a perfect communications channel, IV could be expected to be transmitted and received without error in any bit. However, most communications channels are not perfect, and some are very noisy or subject to fading. As is discussed in U.S. Pat. No. 5,195,136, many or most communications channels have noise or fading which can corrupt IV so that some bits are received in erroneous form.
Many times IV is sent repeatedly throughout a transmitted communication to enable the receiver to achieve late entry to a communication or to reestablish synchronization during a communication. A 64 bit IV can take up appreciable headroom or overhead when repeated in that manner. Furthermore, statistically, the probability of error in each bit of the 64 bit IV can be quite substantial. If only one bit is erroneous, cryptographic synchronization is prevented and decryption is prevented. Therefore, achievement, maintenance and re-establishment of cryptographic synchronization is a significant problem. Without such synchronization on a substantially continuous basis, the received message is broken up, or, in bad conditions, no intelligible parts of the message are recovered.
Two examples of how the state of the art has attempted to deal with the problems caused by errors in received IVs are discussed below. One method employs forward error correcting (FEC) codes to minimize the adverse effects of the channel. However, this adds overhead to the system, which may not always be possible or desirable. FEC codes are discussed in Lin, Shu and Costello, Daniel J., "Error Control Coding: Fundamentals and Applications", Prentice-Hall 1983, which is incorporated by reference herein.
Another method detects errors, instead of correcting them. For instance, some systems employ what is well known in the art as coasting, which is the ability to continue to operate properly even when an IV has been received in error. A reference discussing coasting is U.S. Pat. No. 4,893,339, entitled "Secure Communication System", which is incorporated by reference herein.
This is often done by using a sequence of IVs which may be predicted by the receiver, such as might be generated by a linear feedback shift register. Under such conditions it is only necessary to determine whether or not the received IV contains errors. If errors are detected, the receiver utilizes the predicted IV to maintain crypto sync, and ignores (or coasts over) the actually received but erroneous IV.
However, the process of detecting erroneous IVs consists of using error detection codes, of which a cyclic redundancy check (CRC) is most commonly employed. As with error correcting codes, error detecting codes add overhead to the system, which may not be possible or desirable.
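The prior-art coasting scheme described above can be sketched as follows. This is an added example, not code from the patent or the cited references; the LFSR tap mask, the 16-bit CRC (Python's `binascii.crc_hqx`), the frame layout and all function names are illustrative assumptions.

```python
import binascii

TAPS = 0xD800000000000000  # assumed Galois LFSR tap mask (taps 64, 63, 61, 60)
IV_BYTES, CRC_BYTES = 8, 2  # 64-bit IV plus 16-bit CRC: 25% added overhead

def next_iv(iv):
    """Advance the 64-bit LFSR by 64 steps to get the next IV in the sequence."""
    for _ in range(64):
        lsb = iv & 1
        iv >>= 1
        if lsb:
            iv ^= TAPS
    return iv

def make_frame(iv):
    """Transmitter side: IV followed by its CRC (the error-detection overhead)."""
    body = iv.to_bytes(IV_BYTES, "big")
    return body + binascii.crc_hqx(body, 0xFFFF).to_bytes(CRC_BYTES, "big")

def receive(frame, predicted):
    """Receiver side: return (iv_to_use, coasted)."""
    body, crc = frame[:IV_BYTES], int.from_bytes(frame[IV_BYTES:], "big")
    if binascii.crc_hqx(body, 0xFFFF) == crc:
        return int.from_bytes(body, "big"), False  # clean IV: (re)synchronize
    return predicted, True                         # error detected: coast

def run(seed, n_frames, errors):
    """Simulate a link. `errors` maps frame index -> bit position to flip
    (constructed channel noise). Returns [(in_sync, coasted), ...]."""
    tx_iv, rx_iv, log = seed, None, []
    for i in range(n_frames):
        frame = bytearray(make_frame(tx_iv))
        if i in errors:
            bit = errors[i]
            frame[bit // 8] ^= 0x80 >> (bit % 8)
        # The receiver can only predict once it has held a valid IV.
        predicted = next_iv(rx_iv) if rx_iv is not None else None
        rx_iv, coasted = receive(bytes(frame), predicted)
        log.append((rx_iv == tx_iv, coasted))
        tx_iv = next_iv(tx_iv)
    return log

if __name__ == "__main__":
    # Constructed scenario: frames 2 and 3 each take a single-bit hit.
    for i, (sync, coasted) in enumerate(run(0x0123456789ABCDEF, 5, {2: 5, 3: 70})):
        print(f"frame {i}: in_sync={sync} coasted={coasted}")
```

A corrupted first frame leaves the receiver with nothing to coast on, so it stays out of sync until a clean IV arrives, which is the late-entry case the text mentions.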
The Telecommunications Industry Association Standard TIA/EIA/IS-102.AAAA sets forth an example which illustrates many of the prior art concepts referenced herein.
A general reference on cryptography and random numbers is Applied Cryptography, Second Edition, by Bruce Schneier, published by John Wiley & Sons in 1996.
Thus, while these error correcting and error detecting methods can work, the overhead needed to facilitate them is substantial. Therefore, there is a real need in the art for an error detection system which does not substantially increase overhead to the communication but improves maintenance of crypto sync.
It is therefore a primary object of the present invention to provide an apparatus and method for detecting erroneous initialization vectors and maintaining crypto sync without the increase in overhead incurred by using error correcting or error detecting codes.
Further objects, features, and advantages of the present invention include an apparatus and method as above-described which:
1. do not substantially increase overhead in the communication.
2. provide an efficient and reasonably accurate way to distinguish between errors in a received IV caused by channel transmission problems and an incorrect predicted IV, so that cryptographic synchronization can be sustained at a high level.
3. are flexible and adaptable in their application, implementation and use, including different methods of securing communications.
4. are especially useful when communicating information over a communications channel that is less than ideal with respect to possible corruption of the information being transmitted.
5. can detect and remedy synchronization errors even in less than perfect communications channels.
6. can achieve and maintain cryptographic synchronization even when initialization vectors are partially or wholly destroyed by channel conditions or burst errors.
7. can indicate that a predicted vector has been incorrectly calculated or that there is some other problem with cryptographic sync.
These and other objects, features and advantages of the present invention will become more apparent with reference to the accompanying specification and claims.